If you think crypto exchanges are impenetrable fortresses where your coins rest peacefully under the watch of ISO certifications and partner-signed audits, it's time to wake up.
**Proof of Reserves?** Anyone can fake the books, especially when the "verification" is done by a partner company set up by the exchange itself.
**Licenses and certificates?** They don't stop a sysadmin who is short on coffee or a hot wallet that was left unpatched.
Or Lazarus, a name well known inside the industry.
And many CEXes, for all their daily turnover, have been hit: not by petty bugs, but by well-crafted exploits.
Here is a rundown of 6 major crypto exchanges that weren't just hacked. They were drained.
Millions upon millions were taken. And... recovered. Some came back.
Because crypto is like horror movies:
If it didn’t kill you — it made you meaner.
Bitfinex (2016): $65M then, $4.5B now
- The hack: Hackers exploited a flaw in the BitGo multi-sig wallet integration and took 120,000 BTC.
- The recovery: 6 months later, the FBI recovered 94,000 BTC. How? The hackers kept their seed phrases in the cloud. Yes. Really.
- Lesson: Even advanced integrations can break the structure. And the hackers? Sometimes they aren't elite cyber-ninjas, just amateurs with a Google Drive.
Binance (2022): $570M and a bridge to nowhere
- The theft: The attacker faked proofs and took 2 million BNB through a bug in Binance Bridge.
- What followed: $100M was frozen quickly. The rest was spread across bridges.
- Response: Binance paused the entire BSC network. Drastic, but effective.
- Moral: Even the big names can't protect a bad bridge. Especially when the bridge is your own.
Bybit (2025): $1.5B, a record that should not exist
- The breach: Cold wallets were compromised. Vault-grade security, front-desk key protection.
- The culprit: the Lazarus Group. Naturally.
- Recovery: $43M through bug bounties, the FBI, and German law enforcement.
- Takeaway: "Cold" doesn't mean safe, especially when the keys aren't.
Crypto.com (2022): 2FA? What 2FA?
- The exploit: Hackers bypassed two-factor authentication.
- Initial response: “Nothing was stolen.” Days later: “Ok, $33.7M was stolen.”
- Fix: A complete overhaul of 2FA.
- Lesson: If you're centralized, you're a target. Period.
KuCoin (2020): $280M and a lesson in recovery
- What happened: Classic hot wallet compromise.
- Recovery: $204M recovered through token freezes, community support, and controls.
- Impressive: One of the few to recover the majority.
- MVP: Speed and strong alliances.
BingX (2024): $52M and a classic script
- The exploit: Hot wallets. One key for all.
- The culprit: Probably Lazarus, as usual.
- Response: Full reimbursement. Still pending.
- Note: It is always the hot wallets. Every time.
Gate.io (2023): Panic without a hack
- Reality check: There was no hack.
- But: Twitter posts sparked a bank run. The GT token took a hit.
- The fix: A proof-of-reserves report showing $10B+ in assets.
- Lesson: Not every threat is technical. Some are just viral FUD.
MEXC & WhiteBIT: The investigators, not the investigated
According to CoinGlass rankings:
- MEXC: No major breaches. Actively freezes stolen assets.
- WhiteBIT: Helped recover $16M from the Rain.com hack.
Sometimes you get to be the hero. Or at least the sidekick.
What all of this teaches:
Hot wallets = an easy target
If funds are online, it's not "if", it's when.
Centralized keys = a disease
One private key to control them all? That's not DevOps, just a disaster.
Social engineering, Lazarus, and human error
Hackers don't just crack code, they crack people.
Fast response = better recovery
The longer you wait, the less you get back.
Everyone looks out for everyone (when it matters)
Exchanges, governments, analytics firms: they work together.
Because a single hack can shake the entire ecosystem.
So which exchange is "safe"?
I'd like to say the best exchange is the one that was never hacked.
But I'd argue it's the one that got hit and bounced back.
The one that recovered the funds. Or helped others do it.
Those other, "verified" platforms?
Maybe just not yet.
Summary
| Exchange | Loss | Recovered | Cause | Reaction |
|---|---|---|---|---|
| Bitfinex | $65M | $3.5B | Multi-sig flaw | FBI recovery (6 yrs later) |
| Binance | $570M | $100M | Fake bridge proofs | Paused BSC, froze funds |
| Bybit | $1.5B | $43M | Cold wallet breach | Bounty + law enforcement |
| Crypto.com | $33.7M | — | 2FA bypass | Rebuilt authentication system |
| KuCoin | $280M | $204M | Hot wallet compromise | Community + token freezes |
| BingX | $52M | 0 | Hot wallet reused key | Reimbursement pending |
| Gate.io | 0 | — | FUD | PoR release + transparency |
| WhiteBIT | — | $16M (others) | — | Helped recover from Rain.com |
| MEXC | — | — | — | Actively freezes stolen assets |
Final thoughts: Want to stay in crypto?
Cold storage is the best protection, but it is not a guarantee.
Diversify across 5-10 CEXes, chosen not by their certifications, but by how they handled real fires.
Look for good customer support, sound recovery practices, and transparency that isn't just for show.
The next attack is only a question of when.
Ask yourself: Will your exchange be ready?